Leading Risk Culture Change
Linda Conrad, Director of Strategic Business Risk, Zurich
Paul Walker, Zurich Chair in Enterprise Risk Management, St. John's University
Johan Willaert, Corporate Risk Manager, Agfa Corporate Center
MAY 15, 2013
Sponsored by
INTERNAL USE ONLY
• The culture must support challenging leadership on critical elements of strategy
• Over time, it will become an engrained process
• ERM can eventually be used more tactically
• Approach becomes consistent across the business
• Engages the entire organization in risk awareness
• High performance operating model achieved
• Organization can consciously increase risk tolerance levels to profit from prudent risks
Culture is key to turning risk into reward
The only real mistake is the one from which we learn nothing.
- Henry Ford
Enterprise risk requires leadership
Maximize growth opportunities
Better informed decision-making
Optimize risk and opportunity balance
Reduce volatility in business results
Identify and manage key exposures
Decrease total cost of capital by increasing risk transparency
Steps to leadership in ERM
1. Gain support from Senior Management
2. Define the scope of initiative and communicate
3. Map key strategic risks and vet with stakeholders
4. Conduct strategic risk assessments to prioritize risks and opportunities
5. Set action plan and follow-up / review periodically
Incorporate into strategic planning cycle
• More than just an ‘Executive Sponsor’
• Should be driven by the CEO and / or Board of Directors
• Must be a recognition of the value to the organization
• Perfect opportunity to be introspective about past / current strategy, and key lessons to help repeat successes and avoid failures
• Encompasses Risk Management / Insurance function
• “Top-down” approach maintains strategic focus
1. Gain support from Senior Management
• Will ERM be undertaken company-wide? At the BU level? On specific project(s)?
• Who are the key stakeholders in the initiative?
• What is the organization’s risk appetite?
• What time horizon will be examined?
• Objectives must be defined: How will success be determined?
• Metrics should be embedded where possible to:
- Measure success / failure rate
- Support an early warning system – ‘Key Risk Indicators’
• Plan communications to key stakeholders – share results (successes and failures)
2. Define the scope of initiative and communicate
3. Map the key strategic risks and vet with stakeholders
4. Conduct Total Risk Profiling assessments to prioritize risks and opportunities
[Figure: risk matrix. Axes: Frequency (A to F), Severity (I to IV). Label: Increasing risk.]
• Strategic Risk Assessments seek to:
- Identify
- Define
- Assess
- Manage
• Very important to visualize risk levels
• Supports prioritization of risks and opportunities
• Variety of methods and styles, and must be tailored to the organization
5. Set action plan and follow-up / review periodically
• Strategy and risk management actions should be set in parallel
• Actions should focus on most critical risks or largest opportunities
• Leadership should evaluate the anticipated effectiveness of risk improvements
• Ownership and accountability are key – close the gap
• Review is critical:
- At set intervals (quarterly, biannually, etc.)
- As significant change is experienced (leadership, underlying assumptions, objectives, etc.)
• Measure! Measure! Measure!
Culture change demands a C-Shift™
State of the Union: Mismanaged risks cost money and ultimately lead to loss in shareholder value. They can also prevent you from taking advantage of opportunities that drive innovation and growth.
The more you understand the risk exposures within your business, the more you can make informed decisions to prepare for the risk and promote the right opportunities.
Risk Culture With Communication: C-Shift provides the structure for dealing with risks systematically and successfully.
Prepare your company to understand the need for a risk culture from the “top down” so risk can be communicated and understood. This will minimize the negative effects of risk on your capital and earnings, and encourage profitable growth.
Embed a proactive corporate risk culture
Build a Risk Culture prior to implementing a Risk Framework
1. Communication: Make a Commitment to Stakeholders about an “Open Environment” on risk culture and management. This includes employees, shareholders, partners, customers.
2. Leadership: Positive Messaging “Tone from the Top” and ownership of ERM from top to bottom of the firm
3. Growth: ERM into Action by linking the organization Risk Framework to Profit, to drive accountability
4. Sustainability: Focus on Implementing to align with long term Corporate Goals
Source: Survey by Harvard Business Review Analytic Services in conjunction with Zurich Financial Services Group (Zurich) January 17, 2012
C-Shift: cultural shift to risk accountability
Align Key Performance and Key Risk Indicators to manage business risk
• Key Performance Indicators (KPIs) help a firm see how it is performing in relation to its strategic goals and objectives.
• Key Risk Indicators (KRIs) are leading indicators of risk to business performance, giving an early warning to identify a potential risk event.
• Zurich uses KRIs to monitor risks in areas such as:
- natural catastrophe risks (percentage of group shareholder equity)
- asset-liability matching (duration mismatch)
- strategic asset allocation (percent allowed in investment categories)
- credit risk (weighted average credit rating)
- other risks specific to business or functional areas
Enterprise Risk Wheel
Leadership in Risk: bridging the gap
Engage with leadership by using ERM to go beyond compliance by applying ERM tools for operational and strategic purposes:
• mergers and acquisitions
• business resiliency
• new project and product development
• customers’ risks
• decisions made in the marketplace
• other
Zurich’s family of risk tools
Tools shown:
• Risk understanding
• Total Risk Profiling
• Risk Room
• Natural Catastrophe - Location risk
• Profit risk exposure
• Disruption understanding
• Business interruption analysis
• Risk assessment

Tool descriptions:
• Provides macro country insights, e.g. political stability, economic status, labour situation
• Provides exposure information for Zurich, customer or supplier locations in respect of e.g. floods, earthquakes, windstorm, related transport infrastructure
• Helps in the understanding of the level and nature of disruptions in a particular industry or a particular location from our proprietary database
• Enables a company to understand its total customer or supply chain profit exposure in terms of a particular location, country or region
• Helps a company model its relevant BI exposures
• Formalised assessment of relevant areas which are part of the due diligence process in sourcing
• Structured approach to defining risk appetite and prioritisation for dealing with risks in the value chain
Visit www.zurich.com/riskroom and www.SupplyChainRiskInsights.com for more info, and search for our free app of the Zurich Risk Room in the iTunes or Google Play store
Total Risk Profiling (TRP)
[Figure: Total Risk Profiling panels: Define the risk appetite; Prioritize risk scenarios and develop improvement plan; Develop risk scenarios; Quantify financial severity and assess probability. Risk matrix axes: Probability (A to F), Severity (I to IV).]
TIMELINE:
1. VULNERABILITY
• what?
• where
• controls?
2. TRIGGER
• how?
• why?
• when?
3. CONSEQUENCES
• how big?
• how bad?
• how much?
How can you deal with risks that you don’t even know are there?
Visit www.ZurichERM.com for more information
Proactive in the business life cycle
Zurich-sponsored HBR Survey: “Risk Management in a Time of Global Uncertainty”
You know when you’re really getting good at risk management, when the company does its risk assessment at the project kickoff rather than at the end.
– Angela Herrin, Harvard Business Review Analytics Services
Turning risk into results
After Zurich introduced an enhanced operational risk management framework:
• One business unit reduced operational risk-based capital (RBC) consumption by 21.7 percent when Zurich moved from an asset-based to a risk-based approach for operational risk quantification
• The business unit then identified high risk exposures, performed a deeper assessment and developed mitigation measures.
• The unit experienced an additional reduction of 28.9 percent in operational risk capital consumption the following year.
• Operational risk capital not consumed was then available to fund profitable growth for Zurich.
• Customers (Customer Value): Want well managed insurers who can manage the risks that they face.
• Shareholders (SHV): View of future earnings and sustainability is impacted by perception of risk and its management.
• Ratings (Rating, Cost of Capital): Rating agencies are now looking at ERM. Risk management is therefore impacting the cost of funding capital.
• Regulator (Regulatory Capital): Capital regimes mean that risk management is having an impact on the level of capital required.
• Other labels in the diagram: Reputation, Management, Employees, Agents & Brokers
Enterprise risk leadership benefits all stakeholders
Risk Oversight
• Item 407(h) also requires companies to describe the role of the board of directors in the oversight of risk. Recently, the U.S. Government Accountability Office found that economic output losses from the 2007-2009 financial crisis could exceed $13 trillion. Given the magnitude of that crisis, which continues to be felt, it would be difficult to overemphasize the importance that investors place on questions of risk management. – Luis A Aguilar, SEC, Feb 20, 2013
What the prof saw…
• “We’re just going to do compliance ERM.” – CFO
• “I’ve never heard any of that.” – NYSE Board member
• “Can’t criticize anything we do.” – NYSE Chairman of the board
• “We cleanse it before it gets to the board.” – Fortune 100
• “Organization’s top risk is culture and communication.”
Board complaints
• Not getting strategy/risk info timely; no real time to digest/question.
• Says ERM but looks like silos.
• ERM leader does not think broadly enough.
• We do not assess board effectiveness in risk, strategic risks, or risk oversight!
• Good information…
Getting good information
– “CEOs can share only what they want to share.”
– “The question for most boards members [is this]: Are they getting good information? And I would argue that, in some cases, they are not.”
Improve transparency
• “When you have a good CEO who is open and transparent, you are able to get good [risk] information. When you don’t, it’s the board’s responsibility to create an environment where they get the information they need… and not be passive or be managed.” – Board member
Boards
• Get engaged
• Do more than listen
• Understand the risk culture
• Ask the right risk questions
Leading Risk Culture Change Webinar
Johan Willaert Board member FERMA
15 May 2013
Agenda
• Risk governance and risk committee
• Risk appetite and risk tolerance
• Strategic and operational goals versus risk management
• Channels of communication: link with
– Internal audit
– business units
Risk governance and risk committee:
• How to organize and
• How to make this organisation work and make it ‘focus driven’ with focus on operational and strategic goals
MGD11.5.10© Vlerick Leuven Gent Management School
Corporate Strategy
Management Culture
Management Architecture
Corporate Governance
Risk Management: Integrated Approach
Internal risks:
• Internal control
• Financial risks
• Infrastructure risks
• Compliance
• Intellectual property
• …
External risks:
• Economic environment
• Environmental hazards
• Reputational risks
• Marketplace risks
• …
Risk appetite and risk tolerance:
• to be prepared at C-suite level and
• approved and monitored at board level
Strategic and operational goals versus risk management (1):
• Link risk management and better performance (see FERMA benchmarking survey 2012)
Strategic and operational goals versus risk management (2):
• Importance of risk culture & risk awareness
Channels of communication: link with
• internal audit: (3 lines of defence)
• business units (top-down and bottom-up)
[Figure: risk communication structure. Labels: The Board; Audit Committee; CEO + Executive Committee; Group risk oversight & compliance (group risk profile); Business support groups; Business unit operations; Individual managers; ERM; Operational risk management. Levels: strategic, tactical, operational.]
Different management levels have to communicate (top-down & bottom-up)
Copyright 2013
The information in this presentation was compiled from sources believed to be reliable for informational purposes only. All sample policies and procedures herein should serve as a guideline, which you can use to create your own policies and procedures. We trust that you will customize these samples to reflect your own operations and believe that these samples may serve as a helpful platform for this endeavor. Any and all information contained herein is not intended to constitute legal advice and accordingly, you should consult with your own attorneys when developing programs and policies. We do not guarantee the accuracy of this information or any results and further assume no liability in connection with this publication and sample policies and procedures, including any information, methods or safety suggestions contained herein. Moreover, Zurich reminds you that this cannot be assumed to contain every acceptable safety and compliance procedure or that additional procedures might not be appropriate under the circumstances. The subject matter of this presentation is not tied to any specific insurance product nor will adopting these policies and procedures ensure coverage under any insurance policy.
Zurich Insurance Group